问题描述
我使用的是spring-security-core,并设置了安全通道功能,这在我的开发机器上工作得很好。我在Config.groovy中找到了以下内容:
$ p $ grails.plugins.springsecurity.secureChannel.definition = [
' / order / checkout':'REQUIRES_SECURE_CHANNEL',
'/ order / paymentComplete':'REQUIRES_INSECURE_CHANNEL'
]
另外,部署到Heroku时,相关的订单处理工作正常,只要,我注释掉以上几行。只要我把它们放回去,我就会得到:
我在服务器上看到很多请求,而Firebug net view显示:
我有PiggyBack SSL添加到Heroku中,并且我可以指定https:// ...地址导航到网站的其他部分,在这种情况下,浏览器将保持SSL模式。但是,如果我访问
https:/www.momentumnow.co/order/checkout
直接寻址,我得到相同的重定向循环问题。你知道问题是什么或者我可以如何进一步调试。如果是后者,请您更新评论区域,我会回复问题区域的更新。谢谢
PiggyBack SSL - 关于 grails.plugins.springsecurity.portMapper.httpPort
和 grails.plugins.springsecurity.portMapper.httpsPort
配置属性。
I'm using spring-security-core and have setup the secure-channel capabilities, which work fine on my development machine. I've got the following in Config.groovy
grails.plugins.springsecurity.secureChannel.definition = [
'/order/checkout': 'REQUIRES_SECURE_CHANNEL',
'/order/paymentComplete': 'REQUIRES_INSECURE_CHANNEL'
]
Also, deploying to Heroku the associated order processing works fine, as long as I comment out the above lines. As soon as I put them back in, I get:
I see many requests come in on the server, and the Firebug net view shows:
I've got the PiggyBack SSL added on to Heroku, and I'm able to specify an https://... address to navigate to other parts of the site, in which case the browser stays in SSL mode. But if I access the
https:/www.momentumnow.co/order/checkout
address directly, I get the same redirect loop problem. Do you know what the problem is or how I can debug this further. If the latter, would you please update the comment area, and I will respond with updates to the problem area. Thanks
PiggyBack SSL documentation indicates:
"Piggyback SSL will allow you to use https://yourapp.heroku.com, since it uses the *.heroku.com certification. You don't need to buy or configure a certificate, it just works. https://yourcustomdomain.com will work, but it will produce a warning in the browser."
I'll probably switch to another mode as I add a certificate, however that does not seem to be the problem, based on the previous statement.
On the server, I get:
You need to fix the values for the ports since they default to 8080 and 8443. See the section on Channel Security in the docs - http://grails-plugins.github.com/grails-spring-security-core/docs/manual/ - about the grails.plugins.springsecurity.portMapper.httpPort
and grails.plugins.springsecurity.portMapper.httpsPort
config attributes.
这篇关于grails - spring-security-core安全通道导致重定向循环(在Heroku上)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!